WireShark (was called ethereal) is a very nice GUI application that can capture (sniff) network packets of the wire (wireless) network. It’s very handy to use on a desktop or laptop but not on a server: it needs a lot of libraries (GTK dependency) and I don’t not want any extra things on the server.
My solution is to use tcpdump. The tcpdump is a small, CLI application that captures (sniff) network packets just like the WireShark. It can save the captured packets into a file. The format of the file is readable by WireShark. Thus, use tcpdump to capture the network packets on the server then transfer the file to my laptop for analysis via WireShark.
To capture the entire packet using tcpdump (run as root):
# tcpdump -s 0 -i eth0 -w ~/out.txt
Background:
I’ve been doing a lot of network programming. There are people out there who don’t really understand certain protocol yet they don’t use any libraries or tools to help them. Instead, they compose the problematic messages (packets) and said the system doesn’t work. I always have to debug for them by capturing the network packets off the wire and analyze them.